Android has two addressing schemes. I forget exactly how these are used, but you'll need to use the proper base address for add_ib 1 instead of the SCM offset on PC. I think ib 0 is the local game offsets and ib 0 addresses a "global" offset, but it's been a very long time since I've been working on this stuff.

I haven't been having much luck with my recent ADMA strategies either. It seems to work as expected to a point but fails with larger values. I have yet to try negative addressing like you are using here.

How are you replacing main.scm? That file seemed to be pretty well locked down the last time I looked.

I'll see if I can dig up any old reference for the base addresses for ib 0 and ib 1. I had this info once, but for earlier versions than 1.08.

Added: protect 1, this might be a problem. Does your code work without it?

OrionSR

I would expect this conflict to crash the game even if everything else was done correctly. This complicates the problem beyond my experience. You might find useful information in early topics on memory management like you referenced above.

Your original question was on ADMA addressing. I suggest that you write with the cleoA opcode and read with ADMA to avoid conflicts with protected memory.

&0(1@,1i) I'm expecting this to address global variable $9765 if 1@ = 9765 and add_ib = 0. $9765 is the start of Roulette's Cash Won array (151i) and should be a safe place to write data without breaking anything.

add_ib 1: Read 4 dwords with add_ib 1 starting at offset 0. Use cleoA opcode to search through memory until a match is found for all 4 dwords. This should provide you with the appropriate offset required to calculate other addresses.

OrionSR

& - ADMA (Advanced Direct Memory Access).
Reads/writes the values within the SCM even not in the variables block.
Does not affect the second segment size.

ADMA can be used the same as a global variable.

I have only recently started working with ADMA again. I'm having problems with ADMA and would also like to find better reference for using it.

There are cleoA opcodes for reading and writing memory. Look them up.

I do not know how to write to protected memory (protect 1). I expect this strategy to fail unless a solution is found. (I'm not looking for a solution at this time.)

Important variables are missing from the equation. You can wait for someone else to bring the answers to you, or you might be able to find reference to these key values or figure them out using the tools that are available. I was suggesting that you start with something simple, like reading the value of a global variable. $9765 should be a safe variable to use for an experiment.

OrionSR

Ah, good progress. I recommend that you file reports of your progress and failures in this topic. If an expert with answers finds this topic they are more likely to offer assistance if they see you are trying hard and are serious about the project.

1 hour ago, user1592591 said:

How do I log the read value? Without GXT

Use CleoA and whatever GXT options it has available for easy testing. Or reuse standard GXT for your own purpose. Sometimes you may need to remember that "Beefy Baron" means "Match Found" but a search through this All GXT for SA data can often find text a little closer to the correct meaning. GXT with numbers (~1~) can be used to display value even if the text is not appropriate.

0xCCAAFFEE, this is supposed to be data. I made up a number which I thought might be unique so you would be unlikely to find a match with normal data. If you want to avoid false positives, try writing to and reading from 4 unique numbers in a row as suggested in an earlier post.

$9765 = 0xCCAAFFEE // in case it wasn't clear, this will write data to an address in memory for variable $9765. Finding this address provides data used to calculate addresses using different addressing schemes.

42 minutes ago, user1592591 said:

0@=&0(1@,1i)

Sanny can't tell if your variables are holding integers or floating point values when both sides of the equation are variables. Otherwise Sanny would put in the correct opcode for you. Look up the appropriate opcode to assign a local variable equal to a global variable (ADMA works like global variables). Use the integer version since the value doesn't really matter. Basically, if what you wrote equals (==, an evaluation, not an assignment) what you read then print Success.

Other responses seem to be related to issues above. I'll look for other conceptual errors but you will probably need to rethink your experiments.

27 minutes ago, user1592591 said:

008A:1@= $9765
008A:0@=&0(1@,1i)

This was very close. Fix opcode in second line for local = global // int version for a good test.

MegaFox

I have edited my comments above, and am likely to edit my comments while I'm active in this topic. Please refresh the page regularly for updates.

It looks like a better explanation of arrays would be helpful. I'll update this post with information specific to this task but I recommend that you review documentation on the use of arrays in general.

Notes: Sanny can figure out these opcodes if you leave them out because one side of the equation is a hard coded integer.
0004: $9765 = 0xCCAAFFEE // with proper opcode for set global equal to an integer.
0006: 1@ = 9765 // with proper opcode for set local equal to an integer.

OrionSR

This works, sound plays. But I still do not understand what kind of array and where this memory address comes from...

I think that I understand your confusion, but I'm not sure how to explain. However, congratulations on a successful script. A working example should help with further progress. This was just the first step. I wanted to suggest a test using cleoA opcodes to read addresses directly, instead of this array exploit trick. Is this an option for short term tests?

Thanks, but I'll use cleo or edit my saves. Modifying the APKs is more than I'm ready to deal with at this time. Besides, I'm working towards strategies that will work on iOS, so I'm not expecting an APK strategy to be particularly useful in the long run.

Arrays... this is tricky because arrays are a basic concept of programming. It's hard to explain how we are tricking the game into accessing information using arrays if you aren't familiar with how arrays are used normally. So I'm going to sleep on it, maybe I'll think of something. In the meantime, please review basic reference on arrays and take a look at how the game uses them in SCM.

What is the option for short term tests? Script HOME_BRAINS? No, it can also be used for regular scripts, but you need to have a cycle there, otherwise the script will be restarted all the time. By default, it does not start from anywhere, you need to add a few lines yourself; and then align the size of the MAIN stream so that the saves work. The EXTERNAL SCRIPT size is not taken into account when checking the MAIN size, and I decided to use this workaround.

MegaFox

I decided to switch from CLEO to SCM, because the author of CLEO Android stopped updating CLEO, and the libcleo.so library conflicts with SAMP Android and a crash occurs. The SAMP Android author refuses to do something about it. And SCM has one huge plus, it is supported on any platform. And now only through SCM can I run CLEO scripts in SAMP Android. It remains only to learn how to write memory addresses.

OrionSR

Okay, can you provide contact information for the author of SAMP Android?

Will these strategies be used to bypass SAMP security? Can this be used to cheat other players?

Can all iOS and Android users use a custom main? My information on mobile modding strategies is out of date. I'm familiar with restrictions unless a device is rooted or... jailbroken?

Please choose another goal. The current goal is not possible due to protected memory. If you work on something that works with protect 0 we might get it to work.

Sorry, those codes were the examples pulled from opcode search in Sanny and are completely out of context with each other. These are the tools we need to use, not how to use them. However...

0DD7: $9765 = get_image_base ; android

Run that, save, and upload the save to GTASnP.com. Send me the link and I'll dig out the image base. Or experiment with GXT keys to show text like High Score ~1~ to display the value of $9765. This should be a static address for a particular version. Maybe set an integer stat equal to $9765 so it's easy to read in the stat menu.

MegaFox

Please define at least the start address of the SCM block for Android, and explain to me how you do it. I will be able to edit at least unprotected addresses.

I will change other addresses using IDA Pro, patch libGTASA.so. Or make unprotected